I found they should have another grade also, I called it grade 9 which is unlisted in their system.

Grade 0: 41.84%Grade 1: 9.97%Grade 2: 3.11%Grade 3: 0.65%

Grade 9: 44.32% <- No match in their system at all

Considering I was running through a list of false positive messages I really thought there would be a higher trend towards the grade 3 ranking. I was only considering to whitelist a sender if they were rated 100% not a spam sender.

With only 0.65% of false positives being considered not a possible spam sender by dnswl.org it hardly seems worthwhile to even do the tests.

---------------------------------------------------------------------------
I am a user of SF, not an employee. Use any advice offered at your own risk.

Posted By: LogSat
Date Posted: 05 February 2011 at 8:24am

yapadu,

Thanks for posting these results. We've never advertised this (and with hindsight we should have), but we do use dnswl.org already, specifically with our SFDB database. IPs are being blacklisted, in realtime, in our SFDB database, but this is done also by considering their whitelist score with the dnswl.org database, for which we keep a local copy on our servers updated nightly. This has been done since the implementation of the SFDB filter years ago, and it has helped to make the SFDB filter extremely accurate, as years of blocking have shown. As an example, at any time we block somewhere between 200,000 and 400,000 IPs with the SFDB filter. Yet we only receive on average one or two complaints a month from admins of networks who had IPs blocked. In more that half of the cases, by the time the admins write us their IPs had already been delisted since the spam originating from them had stopped or slowed down. In the other half they were actively spamming and in this case we provide them with reports on the offender IPs so they can locate the source and stop it. These are all things that happen in the background here but never mentioned them... :-)

I did further testing after posting that message. I took the 1000 latest messages in quarantine and ran the same test. The results were much worse than the first test, there were 23 ranking at grade 0 and the rest were all unknown to the whitelist service.

From my testing (and what you have stated above) there seems to be no value in having the lookups against the whitelist at the individual server level.

---------------------------------------------------------------------------
I am a user of SF, not an employee. Use any advice offered at your own risk.